No subject
Tue Dec 2 02:23:37 GMT 2003
Permissions - Bits capable of being set or reset to allow certain types of
access to it. Permissions for directories may have a different meaning
than the same set of permissions on files.
Read:
To be able to view contents of a file
To be able to read a directory
Write:
To be able to add to or change a file
To be able to delete or move files in a directory
Execute:
To be able to run a binary program or shell script
To be able to search in a directory, combined with read permission
I would recommend that those of you that's unsure about UNIX security read
this HOWTO, as it explains the complexity of security on UNIX
(not that other OS's are less complex, you just don't get to see all of
it..)
--Anders
Tobias Manthey <tmanthey at gmx.de>
Sent by: samba-ntdom-admin at us4.samba.org
09/23/2000 05:58 PM
To: samba-ntdom at us4.samba.org
cc:
Subject: Samba TNG-2.6: File permission problem
Hi all,
please anyone correct me when I state there is no other way to integrate
W2K Clients into a Samba Domain, than to use Samba-TNG?
If so can help me anyone with the following problem.
The follwing directory is shared among the clients
drwxrwxrwx 8 tobias manager 4096 Sep 24 00:30 public
[public]
path = /usr/local/samba/shares/public
public = no
comment = Public Share
create mask = 775
directory mask = 775
writable = yes
force create mode = 774
My goal is to create directories to which an ordinary user can add files
but cannot overwrite the existing ones.
So my apporach was the following:
create a file below public:
-rw-r--r-- 1 tobias manager 0 Sep 24 00:44 test.txt
(note that a ordinary user does no belong to the group manager)
But I was kinda suprised that every user can delete this file. Even if it
belonds to root:root with 700 permissions. Is this a wanted behavior?
TIA
Tobias
--
Sent through GMX FreeMail - http://www.gmx.net
--=_alternative 002A9CDC87256964_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="sans-serif">Forgot to add:</font>
<br>
<br><font size=2 face="sans-serif">chmod o+t directoryname <dirname> should do the trick</font>
<br><font size=2 face="sans-serif">(pay attention to your /tmp, as this should have this set as well... )</font>
<br>
<br><font size=3 face="Courier New">PS: I't in the HOWTO as well.</font>
<br>
<br><font size=3 face="Courier New">--Anders</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>anders at cwd.no</b></font>
<br><font size=1 face="sans-serif">Sent by: samba-ntdom-admin at us4.samba.org</font>
<p><font size=1 face="sans-serif">09/24/2000 01:39 AM</font>
<br>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: Tobias Manthey <tmanthey at gmx.de></font>
<br><font size=1 face="sans-serif"> cc: samba-ntdom at us4.samba.org</font>
<br><font size=1 face="sans-serif"> Subject: Re: Samba TNG-2.6: File permission problem</font></table>
<br>
<br><font size=2 face="sans-serif"><br>
This is not a samba-issue, it's defined behavior under *NIX:</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="sans-serif"><br>
Delete access under UNIX requires w(rite) access to the directory which the file is placed in, i.e. your WORLD-writeable directory is <br>
the reason for this.</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="sans-serif"><br>
More information about the samba-ntdom
mailing list